From 2d2267f604702c13ca276b5bb21f41f5ecbf1895 Mon Sep 17 00:00:00 2001 From: jakani24 Date: Fri, 26 Apr 2024 15:56:50 +0200 Subject: [PATCH] u --- .../insecure_zone/php/add_user_passkey.php | 187 ++++++++++++++++++ .../system/secure_zone/php/passwd.php | 12 +- 2 files changed, 193 insertions(+), 6 deletions(-) create mode 100644 src/server/cyberhex-code/system/insecure_zone/php/add_user_passkey.php diff --git a/src/server/cyberhex-code/system/insecure_zone/php/add_user_passkey.php b/src/server/cyberhex-code/system/insecure_zone/php/add_user_passkey.php new file mode 100644 index 0000000..d9bfedb --- /dev/null +++ b/src/server/cyberhex-code/system/insecure_zone/php/add_user_passkey.php @@ -0,0 +1,187 @@ +connect_error) { + $success=0; + die("Connection failed: " . $conn->connect_error); +} +try { + session_start(); + + // read get argument and post body + $fn = filter_input(INPUT_GET, 'fn'); + $requireResidentKey = !!filter_input(INPUT_GET, 'requireResidentKey'); + $userVerification = filter_input(INPUT_GET, 'userVerification', FILTER_SANITIZE_SPECIAL_CHARS); + + $userId = filter_input(INPUT_GET, 'userId', FILTER_SANITIZE_SPECIAL_CHARS); + $userName = filter_input(INPUT_GET, 'userName', FILTER_SANITIZE_SPECIAL_CHARS); + $userDisplayName = filter_input(INPUT_GET, 'userDisplayName', FILTER_SANITIZE_SPECIAL_CHARS); + + $userId = preg_replace('/[^0-9a-f]/i', '', $userId); + $userName = preg_replace('/[^0-9a-z]/i', '', $_SESSION["username"]); + $userDisplayName = preg_replace('/[^0-9a-z öüäéèàÖÜÄÉÈÀÂÊÎÔÛâêîôû]/i', '', $userDisplayName); + + $post = trim(file_get_contents('php://input')); + if ($post) { + $post = json_decode($post, null, 512, JSON_THROW_ON_ERROR); + } + + if ($fn !== 'getStoredDataHtml') { + + // Formats + $formats = []; + //if (filter_input(INPUT_GET, 'fmt_android-key')) { + $formats[] = 'android-key'; + //} + ///if (filter_input(INPUT_GET, 'fmt_android-safetynet')) { + $formats[] = 'android-safetynet'; + //} + //if (filter_input(INPUT_GET, 'fmt_apple')) { + $formats[] = 'apple'; + //} + //if (filter_input(INPUT_GET, 'fmt_fido-u2f')) { + $formats[] = 'fido-u2f'; + //} + //if (filter_input(INPUT_GET, 'fmt_none')) { + $formats[] = 'none'; + //} + //if (filter_input(INPUT_GET, 'fmt_packed')) { + $formats[] = 'packed'; + //} + //if (filter_input(INPUT_GET, 'fmt_tpm')) { + $formats[] = 'tpm'; + //} + + $rpId=$_SERVER['SERVER_NAME']; + + $typeUsb = true; + $typeNfc = true; + $typeBle = true; + $typeInt = true; + $typeHyb = true; + + // cross-platform: true, if type internal is not allowed + // false, if only internal is allowed + // null, if internal and cross-platform is allowed + $crossPlatformAttachment = null; + if (($typeUsb || $typeNfc || $typeBle || $typeHyb) && !$typeInt) { + $crossPlatformAttachment = true; + + } else if (!$typeUsb && !$typeNfc && !$typeBle && !$typeHyb && $typeInt) { + $crossPlatformAttachment = false; + } + + + // new Instance of the server library. + // make sure that $rpId is the domain name. + $WebAuthn = new lbuchs\WebAuthn\WebAuthn('WebAuthn Library', $rpId, $formats); + + // add root certificates to validate new registrations + //if (filter_input(INPUT_GET, 'solo')) { + $WebAuthn->addRootCertificates('rootCertificates/solo.pem'); + //} + //if (filter_input(INPUT_GET, 'apple')) { + $WebAuthn->addRootCertificates('rootCertificates/apple.pem'); + //} + //if (filter_input(INPUT_GET, 'yubico')) { + $WebAuthn->addRootCertificates('rootCertificates/yubico.pem'); + //} + //if (filter_input(INPUT_GET, 'hypersecu')) { + $WebAuthn->addRootCertificates('rootCertificates/hypersecu.pem'); + //} + //if (filter_input(INPUT_GET, 'google')) { + $WebAuthn->addRootCertificates('rootCertificates/globalSign.pem'); + $WebAuthn->addRootCertificates('rootCertificates/googleHardware.pem'); + //} + //if (filter_input(INPUT_GET, 'microsoft')) { + $WebAuthn->addRootCertificates('rootCertificates/microsoftTpmCollection.pem'); + //} + //if (filter_input(INPUT_GET, 'mds')) { + $WebAuthn->addRootCertificates('rootCertificates/mds'); + //} + + } + + // Handle different functions + if ($fn === 'getCreateArgs') { + $createArgs = $WebAuthn->getCreateArgs(\hex2bin($userId), $userName, $userDisplayName, 60*4, $requireResidentKey, $userVerification, $crossPlatformAttachment); + + header('Content-Type: application/json'); + print(json_encode($createArgs)); + + // save challange to session. you have to deliver it to processGet later. + $_SESSION['challenge'] = $WebAuthn->getChallenge(); + + } else if ($fn === 'getGetArgs') { + $ids = []; + + if ($requireResidentKey) { + if (!isset($_SESSION['registrations']) || !is_array($_SESSION['registrations']) || count($_SESSION['registrations']) === 0) { + throw new Exception('we do not have any registrations in session to check the registration'); + } + + } else { + // load registrations from session stored there by processCreate. + // normaly you have to load the credential Id's for a username + // from the database. + if (isset($_SESSION['registrations']) && is_array($_SESSION['registrations'])) { + foreach ($_SESSION['registrations'] as $reg) { + if ($reg->userId === $userId) { + $ids[] = $reg->credentialId; + } + } + } + + if (count($ids) === 0) { + throw new Exception('no registrations in session for userId ' . $userId); + } + } + + $getArgs = $WebAuthn->getGetArgs($ids, 60*4, $typeUsb, $typeNfc, $typeBle, $typeHyb, $typeInt, $userVerification); + + header('Content-Type: application/json'); + print(json_encode($getArgs)); + + // save challange to session. you have to deliver it to processGet later. + $_SESSION['challenge'] = $WebAuthn->getChallenge(); + } else if ($fn === 'processCreate') { + // Process create + $challenge = $_SESSION['challenge']; + $clientDataJSON = base64_decode($post->clientDataJSON); + $attestationObject = base64_decode($post->attestationObject); + + // Process create and store data in the database + $data = $WebAuthn->processCreate($clientDataJSON, $attestationObject, $challenge, $userVerification === 'required', true, false); + + // add user infos + $data->userId = $userId; + $data->userName = $userName; + $data->userDisplayName = $userDisplayName; + + // Store registration data in the database + $stmt = $conn->prepare("UPDATE users set user_hex_id = ?, credential_id = ?, public_key = ?, counter = ? WHERE username = ?"); + //$stmt = $conn->prepare("INSERT INTO users (user_hex_id, credential_id, public_key, counter) VALUES (?, ?, ?, ?)"); + //var_dump($data); + $stmt->execute([$userId, $data->credentialId, $data->credentialPublicKey, $data->signatureCounter,$userName]); + + $msg = 'registration success.'; + $return = new stdClass(); + $return->success = true; + $return->msg = $msg; + header('Content-Type: application/json'); + print(json_encode($return)); + } + +} catch (Throwable $ex) { + $return = new stdClass(); + $return->success = false; + $return->msg = $ex->getMessage(); + + header('Content-Type: application/json'); + print(json_encode($return)); +} +?> \ No newline at end of file diff --git a/src/server/cyberhex-code/system/secure_zone/php/passwd.php b/src/server/cyberhex-code/system/secure_zone/php/passwd.php index d2f6024..f2bc614 100644 --- a/src/server/cyberhex-code/system/secure_zone/php/passwd.php +++ b/src/server/cyberhex-code/system/secure_zone/php/passwd.php @@ -32,7 +32,7 @@ $email = $_SESSION["email"]; } // get create args - let rep = await window.fetch('/system/insecure_zone/php/create_admin_backend.php?fn=getCreateArgs' + getGetParams(), {method:'GET', cache:'no-cache'}); + let rep = await window.fetch('/system/insecure_zone/php/add_user_passkey.php?fn=getCreateArgs' + getGetParams(), {method:'GET', cache:'no-cache'}); const createArgs = await rep.json(); // error handling @@ -55,7 +55,7 @@ $email = $_SESSION["email"]; }; // check auth on server side - rep = await window.fetch('/system/insecure_zone/php/create_admin_backend.php?fn=processCreate' + getGetParams(), { + rep = await window.fetch('/system/insecure_zone/php/add_user_passkey.php?fn=processCreate' + getGetParams(), { method : 'POST', body : JSON.stringify(authenticatorAttestationResponse), cache : 'no-cache' @@ -80,7 +80,7 @@ $email = $_SESSION["email"]; function queryFidoMetaDataService() { - window.fetch('/system/insecure_zone/php/create_admin_backend.php?fn=queryFidoMetaDataService' + getGetParams(), {method:'GET',cache:'no-cache'}).then(function(response) { + window.fetch('/system/insecure_zone/php/add_user_passkey.php?fn=queryFidoMetaDataService' + getGetParams(), {method:'GET',cache:'no-cache'}).then(function(response) { return response.json(); }).then(function(json) { @@ -180,9 +180,9 @@ $email = $_SESSION["email"]; url += '&rpId=auth.jakach.com'; - url += '&userId=' + ; - url += '&userName=' + ; - url += '&userDisplayName=' + ; + url += '&userId=' + ''; + url += '&userName=' + ''; + url += '&userDisplayName=' + ''; url += '&userVerification=discouraged';